Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Google warns Gmail users to change passwords after data breach
September 3, 2025
Google is warning about 2.5 billion Gmail users to change their passwords or install a passkey following a data breach that has led to a surge in “phishing” email attacks. The data breach that prompted the warning reportedly happened at a Salesforce database that Google uses internally. The compromised information included basic business contact information such ...
- Cloudflare blocks another largest recorded DDoS attack – this time, peaking at 11.5 Tbps
September 3, 2025
Internet infrastructure provider and global cloud platform, Cloudflare, recently prevented a record-breaking Distributed Denial of Service (DDoS) attack from causing any damage. In a short announcement published on X, Cloudflare said its defenses “have been working overtime” over the past few weeks, autonomously blocking “hundreds of hyper-volumetric DDoS attacks.” Among them was an attack that reached ...
- Zscaler says it suffered data breach following Salesloft Drift compromise
September 3, 2025
We can now add Zscaler to the growing list of Salesloft customers who suffered a third-party cyberattack and lost sensitive customer information after it confirmed data was taken. In the announcement, Zscaler explained it was a customer of Salesloft, whose AI chat platform, Salesloft Drift, was compromised. Since this platform connects with Salesforce, the miscreants managed ...
- Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust
September 3, 2025
Palo Alto Unit 42 research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. Hugging Face is a platform ...
- Jaguar Land Rover production severely hit by cyber-attack
September 2, 2025
A cyber-attack has “severely disrupted” Jaguar Land Rover (JLR) vehicle production, including at its two main UK plants. The company, which is owned by India’s Tata Motors, said it took immediate action to lessen the impact of the hack and is working quickly to restart operations. JLR’s retail business has also been badly hit at a ...
- Cookies: What they are for, associated risks, and what session hijacking has to do with it
September 2, 2025
When you visit almost any website, you’ll see a pop-up asking you to accept, decline, or customize the cookies it collects. Sometimes, it just tells you that cookies are in use by default. Kaspersky researchers randomly checked 647 websites, and 563 of them displayed cookie notifications. Most of the time, users don’t even pause to think ...